>I just re-read your original post. > >> ...we have users that can surf as they like... > >Does that mean "without any restrictions"? If so, I'm pretty sure you >can accomplish this without squidGuard (strictly within squid acls).
Yes, I am doing kind of double defining already. Here's an example. I need to open up say www.cnn.com and news.bbc.co.uk for open access. I define those to squid in domain list: acl noauth_domain dstdomain "/usr/local/squid/etc/noauth_domains" acl noauth_regexp url_regex "/usr/local/squid/etc/noauth_regexps" acl password proxy_auth REQUIRED http_access allow noauth_domain http_access allow noauth_regexp http_access allow password http_access deny all well, now it kind of works. All users can access www.cnn.com or news.bbc.co.uk but those who do not have proxy account will get one or two annoying proxy password questions, because these pages also have some references to other domains, like imrworldwide.com and ar.atwola.com. Now I use squidGuard to redirect these sites for non-authenticated users to a local cgi script to get rid of these proxy authorization prompts. (A bit annoying is that I have to put these other domains/sites to the noauth lists also). Hope this gives a bit more details and background to my question. Do you have a better idea to accomplish a setup for this kind of proxy access? Regards Antti Vahalummukka
